Daan De Meyer
d54d6197d5
Revert "ci: Build with sanitizers in mkosi"
...
This reverts commit 639403f9a8
2024-05-30 14:50:10 +02:00
Daan De Meyer
381918edc9
Merge pull request #32866 from DaanDeMeyer/sanitizers
...
mkosi: Sanitizers
2024-05-30 14:49:13 +02:00
Daan De Meyer
465d302d48
mkosi: Preserve environment when running integration tests with sudo
...
Otherwise we won't detect we're running in Github Actions and will
show the wrong command to fetch the journal.
2024-05-30 13:50:27 +02:00
Daan De Meyer
639403f9a8
ci: Build with sanitizers in mkosi
2024-05-30 12:47:45 +02:00
Daan De Meyer
aef13ad029
mkosi: Sanitizer improvements
...
- Let's set the environment on the kernel command line so it applies
to initrd and main system.
- Let's add the necessary wrappers that are also added in test-functions.
Unlike test-functions we don't use gcc/clang to get the library path as
that requires installing gcc/clang in the initrd.
- Let's drop the hack to get journald writing to the console and have
it write to kmsg instead. We'll get the output either way.
- Stop removing libstdc++ and sanitizer libraries from Arch Linux
initrds and other images as it's required by the sanitizer libraries.
- Add a workaround for specifying extra meson options for opensuse
- Add a leak sanitizer suppression file as a workaround for a false
positive leak in verify_selinuxmnt() in libselinux. We do a soname match
because the stacktrace can't be properly symbolized on Debian.
2024-05-30 12:47:45 +02:00
Daan De Meyer
d12fedd25e
mkosi: Run integration tests as root
...
This allows running integration tests that support it in nspawn
instead of qemu. This both gives extra coverage and speeds things up.
2024-05-29 14:10:50 +02:00
Daan De Meyer
09466b2a0e
mkosi: update to latest
2024-05-29 14:10:47 +02:00
Luca Boccassi
0dde8adcf5
Revert "CI: add manual workflow to publish pages to fix submodule issue"
...
Nope, it's broken, never mind
This reverts commit b0f9c3c648
2024-05-16 15:31:52 +01:00
Luca Boccassi
b0f9c3c648
CI: add manual workflow to publish pages to fix submodule issue
...
Cloning the fedora/centos submodules fails because --depth 1 is used. Fork the actions workflow and use fetch-depth: 0 to disable it.
2024-05-16 16:27:40 +02:00
Zbigniew Jędrzejewski-Szmek
f222ef107d
mkosi: Restore job for F40
...
This partially reverts ecf8468dd4
2024-05-14 21:23:46 +02:00
Daan De Meyer
ecf8468dd4
mkosi: Update fedora to latest
...
We drop the Fedora 40 job as the latest rawhide spec introduced
dependencies that are not available in Fedora 40.
2024-05-14 20:44:39 +02:00
Daan De Meyer
23d79a84a4
mkosi: Update to latest
2024-05-14 12:43:28 +02:00
Daan De Meyer
5dd3657f86
ci: Optimize pull request labeler
...
We keep running into rate limits, so let's optimize the number of
requests we do in the pull request labeler to hopefully fix that.
2024-05-07 17:49:54 +02:00
Daan De Meyer
b1670c52ad
mkosi: Switch to fedora 40
...
Enable updates-testing and use the most recent mirror to make sure
we get util-linux 2.40.1 which contains a crucial fix to make sure
the serial terminal in virtual machines works properly.
2024-05-07 11:51:29 +02:00
Daan De Meyer
7681a8ee58
ci: Disable RuntimeBuildSources=
...
We build with debuginfo, so there's no point to starting virtiofsd
to mount the sources and build directory into the VM, so let's
disable that.
2024-05-06 22:23:37 +02:00
Daan De Meyer
eabf46ef89
ci: Reduce the number of integration tests we run concurrently
...
Since there's a bunch of CPU hungry systemd-journal-remote processes
running on the host to received the forwarded logs, by running as many
test as the VM has cores we overload the available resources. Let's leave
use the number of cores - 1 to reduce resource contention.
2024-05-06 11:57:09 +02:00
Daan De Meyer
ffda3c3de9
mkosi: Disable ext4's orphan_file feature for centos images
...
Not supported by e2fsck from centos. We also disable building repart
from source in CI as running it from the build directory means repart
will run mkfs.ext4 from the host which doesn't know about the orphan_file
feature causing it to fail.
2024-05-06 10:56:45 +02:00
Daan De Meyer
81af7ac925
mkosi: Enable udev debug logging in CI
...
It's very useful to debug race conditions with loop devices, so let's
enable the logging now that it goes to the journal and not to the
console.
2024-05-06 10:56:45 +02:00
Daan De Meyer
1c329956e5
mkosi: Insist on KVM, VSOCK and TPM by default
...
By default mkosi will not run VMs with these features if they're not
available, but since various stuff in systemd makes use of these, let's
fail loudly if any of these are not available by default in systemd.
Users can still override these defaults locally if they wish.
2024-05-06 10:56:45 +02:00
Daan De Meyer
86e249f326
mkosi: Update to latest
2024-05-06 10:56:45 +02:00
Frantisek Sumsal
57188d1467
Merge pull request #32609 from systemd/dependabot/github_actions/github/super-linter-6
...
build(deps): bump github/super-linter from 5.0.0 to 6
2024-05-02 10:16:40 +02:00
Frantisek Sumsal
109780a35e
ci: point Super-Linter to the new upstream
...
Looks like since [0] the Super-Linter repo was moved to
super-linter/super-linter and github/super-linter is just a fork, so
let's update the reference accordingly.
[0] 59fac7946c
2024-05-02 09:53:43 +02:00
Frantisek Sumsal
b160ac9c12
ci: explicitly disable multi status for Super-Linter
...
The multi status feature requires $GITHUB_TOKEN, and since [0] it
defaults to true. Since we don't need it, let's explicitly disable the
feature.
[0] e6e6e1fa5f
2024-05-02 09:46:44 +02:00
dependabot[bot]
6a8bffbc6c
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](c15070885a...52bab0caa5
2024-05-01 16:01:22 +02:00
dependabot[bot]
916102ab89
build(deps): bump redhat-plumbers-in-action/gather-pull-request-metadata
...
Bumps [redhat-plumbers-in-action/gather-pull-request-metadata](https://github.com/redhat-plumbers-in-action/gather-pull-request-metadata ) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/gather-pull-request-metadata/releases )
- [Commits](69c703f376...17821d3bc2
2024-05-01 16:00:48 +02:00
dependabot[bot]
8fb796a423
build(deps): bump github/super-linter from 5.0.0 to 6
...
Bumps [github/super-linter](https://github.com/github/super-linter ) from 5.0.0 to 6.
- [Release notes](https://github.com/github/super-linter/releases )
- [Changelog](https://github.com/github/super-linter/blob/main/CHANGELOG.md )
- [Commits](45fc0d8828...4e51915f4a
2024-05-01 09:42:38 +00:00
Mike Yuan
2286c15676
development-freeze: suppress warning for some labels
2024-04-29 18:59:02 +08:00
Mike Yuan
274623cc83
labeler: add l10n 🌍
2024-04-29 18:56:54 +08:00
Daan De Meyer
b6df6bef31
mkosi: Update to latest
2024-04-26 13:36:40 +02:00
Daan De Meyer
1731008879
mkosi: Only keep failed test journals and other logs for 7 days
...
The default retention of 90 days seems a bit long, so drop it to 7
days.
2024-04-25 20:51:11 +02:00
Daan De Meyer
4becd5fb73
mkosi: Only archive outputs in systemd and systemd-stable repositories
...
Private forks would very quickly reach their quota or spend lots of
money trying to archive all these artifacts, so let's make sure it
only happens on our own repositories.
2024-04-25 20:51:08 +02:00
Richard Maw
292110aa1c
ci: Add the meson logs to failure log artifacts
...
It is not a lot of use to add --debug to tests without it
since only the last 100 lines are printed to console.
2024-04-25 13:05:37 +01:00
Richard Maw
aca6533951
ci: Update mkosi version
...
The change to add microcode support had a bug in ukify handling
that broke when it should have been picked up from ExtraSearchPaths.
2024-04-25 13:05:37 +01:00
Luca Boccassi
2d0c95f2b2
ci: remove packages.microsoft.com
...
It is not needed, it publishes things like dotnet, and it is often
broken, so just remove the sources
2024-04-24 18:07:52 +02:00
Richard Maw
0bc1e9592e
mkosi: Update to latest
2024-04-24 11:01:35 +02:00
Daan De Meyer
5841b5af48
mkosi: Configure lower retention limit for package artifacts
...
This is more than 0.5G per job, so let's drop the retention to
4 days to make sure we don't hit github's limits.
2024-04-23 11:58:44 +02:00
Daan De Meyer
279b3d4690
mkosi: Fix Arch Linux package glob
2024-04-23 11:53:28 +02:00
Daan De Meyer
422124072d
mkosi: Run integration tests in CI
...
We do the image build and run the tests in a btrfs loopback so we
can make use of btrfs subvolumes and COW to keep the disk space
requirements to a minimum and speed up the ephemeral copies we make
of the image to run the tests.
We also switch to building debug packages and publishing the built
packages as artifacts.
2024-04-23 10:33:08 +02:00
Daan De Meyer
e3cd320021
mkosi: Update to latest
2024-04-23 10:24:59 +02:00
Daan De Meyer
a32d6161bb
mkosi: Update to latest
2024-04-22 09:08:16 +02:00
Frantisek Sumsal
49c11c789a
ci: fix systemd-machined component name
...
Follow-up for d762f4d52d
2024-04-20 14:38:54 +02:00
Sarvajith Adyanthaya
d762f4d52d
Replaced "machined" label with "machine" #32373
2024-04-20 10:53:00 +02:00
Frantisek Sumsal
20730c60dd
labeler: merge "logind" label into "login"
...
Existing issues/PRs were migrated to the login label using:
$ gh search issues --repo systemd/systemd --label logind --limit=1000 --json number -q .[].number | \
xargs gh issue edit --add-label login --remove-label logind
2024-04-19 18:31:51 +02:00
Daan De Meyer
eadf555fd4
mkosi: Update to latest
2024-04-18 13:26:44 +02:00
Daan De Meyer
22fa7cbccc
mkosi: Drop workarounds
...
With the latest Github Actions image release none of these should
be required anymore (20240414.1.1).
2024-04-17 17:36:36 +02:00
Daan De Meyer
1976b1d86d
mkosi: Update to latest
2024-04-15 08:53:25 +02:00
Kristian Klausen
4d95bfcab0
github: add systemd-vmspawn to the issue templates
2024-04-15 14:38:25 +09:00
Daan De Meyer
659cf9191c
mkosi: Remove outdated comment
2024-04-14 19:59:21 +02:00
Daan De Meyer
8630fb6041
mkosi: Don't log debug logs to console
...
We have various tools that log directly to the console, as well as
pid1 which logs directly to the console when running in a container.
Let's make sure that we don't log debug messages to the console by
default, but keep the behavior when running in CI.
2024-04-14 19:59:10 +02:00
Daan De Meyer
962f9d6fb4
mkosi: Update to latest
2024-04-14 19:53:09 +02:00
Daan De Meyer
0e4eba6fcb
mkosi: Update to latest
2024-04-09 11:56:45 +02:00
Mike Yuan
8953917d00
labeler: add mountfsd and nsresource
2024-04-08 20:14:37 +08:00
Frantisek Sumsal
ef6a2df7fe
ci: fix commit SHA for stefanbuck/github-issue-parser
...
The SHA for this action was updated by Dependabot in #25900 to a commit
which later disappeared from the repo. Since then Dependabot kept
(silently) failing to bump the SHA further:
updater | 2024/03/31 21:22:13 ERROR <job_807574419> Error processing stefanbuck/github-issue-parser (Dependabot::SharedHelpers::HelperSubprocessFailed)
updater | 2024/03/31 21:22:13 ERROR <job_807574419> error: no such commit c1a559d78bfb8dd05216dab9ffd2b91082ff5324
See: https://github.com/systemd/systemd/pull/25900#issuecomment-2028912672
Let's bump the SHA manually to v3.1.0 to get Dependabot back on the track.
Co-authored-by: Evgeny Vereshchagin <evvers@ya.ru>
2024-04-02 17:19:16 +01:00
dependabot[bot]
427dbbab8c
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from 31af101620fc2996517d87e86da310f7ba553d58 to 4dfdf98ed2877a1e40f37234e0b8fbba0fec3584.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](31af101620...4dfdf98ed2
2024-04-02 12:38:00 +02:00
dependabot[bot]
76dddd6323
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](b9df2a9417...c15070885a
2024-04-01 12:11:52 +02:00
Daan De Meyer
e11fe427f8
mkosi: Update to latest
2024-03-27 16:14:15 +01:00
Daan De Meyer
c2720fa55c
mkosi: Re-enable OpenSUSE build
2024-03-27 12:20:50 +01:00
Daan De Meyer
b2b3b4ed84
mkosi: Update to latest
2024-03-27 12:20:50 +01:00
Frantisek Sumsal
4651e1428d
ci: build with clang-18
2024-03-26 03:14:33 +09:00
Evgeny Vereshchagin
ae0e1cb989
CI: revert the mmap_rnd_bits kludge
...
This reverts commit 2e0c2fb8fbb7c7498de8https://github.com/actions/runner-images/issues/9491 is closed.
2024-03-21 10:22:43 +01:00
Jan Macku
ec8c80eddb
ci(freezer): update devel-freezer GHA to v1.1.0
...
The new version of `devel-freezer` GitHub Action adds support for milestones, labels, and more. Now, when the `rc` tag is published, it won't post a development freeze comment on PRs included in the next milestone.
This commit also sets a delay of the 20s for PR validation to give some time for updating labels and milestones on submitted PRs.
2024-03-20 12:37:18 +01:00
Jan Macku
2547791075
ci(freezer): update metadata and development_freeze workflow
...
use custom action to gather PR metadata and download artifact rather then inline script
2024-03-20 10:44:31 +01:00
Jan Macku
b026b9edf5
ci(metadata): remove fetch-depth: 0 it's not needed anymore
2024-03-20 10:35:40 +01:00
Daan De Meyer
e48c170f51
mkosi: Do disk space cleanup asynchronously
...
This can actually take a rather long time (multiple minutes) so
make sure we do it asynchronously.
2024-03-16 05:31:25 +09:00
Evgeny Vereshchagin
2e0c2fb8fb
cifuzz,cflite: set mmap_rnd_bits to 28
...
to get MSan jobs to work with the latest Ubuntu images.
https://github.com/google/sanitizers/issues/1614
https://github.com/actions/runner-images/issues/9491
2024-03-15 21:58:41 +09:00
Daan De Meyer
e399efea79
mkosi: Enable KVM
...
Since https://github.blog/2024-01-17-github-hosted-runners-double-the-power-for-open-source/ ,
it seems that KVM is supported on GA runners, so let's explicitly
enable it to make sure it is used.
We update mkosi to latest and set QemuFirmware=uefi to disable
secure boot which crashes qemu until https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2038777
is fixed.
2024-03-13 23:45:11 +01:00
dependabot[bot]
a17ae1f8d5
build(deps): bump github/codeql-action from 3.24.6 to 3.24.7
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.6 to 3.24.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8a470fddaf...3ab4101902
2024-03-13 23:16:19 +01:00
dependabot[bot]
e065f1c41b
build(deps): bump actions/checkout from 4.1.1 to 4.1.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3
2024-03-13 20:15:20 +01:00
dependabot[bot]
660efa717c
build(deps): bump meson from 1.3.2 to 1.4.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.2...1.4.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 19:26:52 +01:00
dependabot[bot]
9daa5b2a96
build(deps): bump softprops/action-gh-release from 1 to 2
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](de2c0eb89a...9d7c94cfd0
2024-03-13 19:26:03 +01:00
Daan De Meyer
37bd860c22
mkosi: Introduce packaging sources as submodules
...
By always cloning the latest branch commit, we can't bisect properly
using mkosi as when bisecting wildly different packaging sources will
be used compared to when the commit was merged. By using submodules, we
track individual commits which means when bisecting the same packaging
sources will be used.
We use git submodules as dependabot has support for automatically making
PRs to update git submodules. This commit also includes the necessary
dependabot configuration to enable this.
We make ubuntu/debian use the same submodule instead of adding the debian
packaging sources twice by introducing a new $PKG_SUBDIR environment variable
and using it instead of $DISTRIBUTION.
2024-03-13 12:07:49 +01:00
Frantisek Sumsal
b7c7498de8
ci: reduce ASLR entropy
...
The latest GH Action runners started using 32-bit entropy for ASLR,
which makes it incompatible with llvm-14. This was fixed in later llvm
releases, but these aren't available on Ubuntu Jammy (22.04). Let's
reduce the ASLR entropy to 28-bit, which should make llvm happy again,
until the issue is resolved.
See: https://github.com/actions/runner-images/issues/9491
2024-03-12 16:17:46 +00:00
Daan De Meyer
61fbdd441f
Merge pull request #31345 from DaanDeMeyer/mkosi-packages
...
Build distribution packages in mkosi
2024-03-07 11:12:14 +01:00
Daan De Meyer
4d0f1451b5
Build distribution packages in mkosi
...
Instead of running meson install and hoping for the best, let's build
distribution packages from the downstream packaging specs. This gets
us the following:
- Vastly simplified mkosi scripts since we don't need a separate initrd
image anymore but can just reuse the default mkosi initrd.
- Almost everything can move to the base image as its not the basis
anymore for the initrd and as such we don't need to care about the
size anymore.
- The systemd packages that get pulled in as dependencies of other
packages get properly uninstalled and replaced with our packages that
we built instead of just installing on top of an existing systemd
installation with no guarantee that everything from that previous
installation was removed.
- Much better testing coverage as what we're testing is much closer
to what will actually be deployed in distributions.
- Immediate feedback if something we change breaks distribution packaging
- We get integration with the distribution for free as we'll automatically
use the proper directories and such instead of having to hack this
into a mkosi build script.
- ...
2024-03-07 10:47:19 +01:00
Daan De Meyer
542bad6552
mkosi: Update to v21
2024-03-07 10:47:01 +01:00
Frantisek Sumsal
7161af9612
ci: explicitly change oom-{score}-adj before running tests
...
For some reason root in GH actions is able to _decrease_ its oom score
even after dropping all capabilities (including CAP_SYS_RESOURCE), until
the oom score is changed explicitly after sudo:
$ systemd-detect-virt
microsoft
$ sudo su -
~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101'
Current: =
Bounding set =
Ambient set =
Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,...,!cap_sys_resource,...,!cap_checkpoint_restore
Securebits: 00/0x0/1'b0
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
/proc/self/oom_adj:8
/proc/self/oom_score:1000
/proc/self/oom_score_adj:500
pid 22180's OOM score adjust value changed from 500 to -101
~# choom -p $$ -n 500
pid 22027's OOM score adjust value changed from 500 to 500
~# capsh --drop=all -- -c 'capsh --print; grep -H . /proc/self/oom*; choom -p $$ -n -101'
Current: =
Bounding set =
Ambient set =
...
uid=0(root) euid=0(root)
gid=0(root)
groups=0(root)
Guessed mode: UNCERTAIN (0)
/proc/self/oom_adj:8
/proc/self/oom_score:1000
/proc/self/oom_score_adj:500
choom: failed to set score adjust value: Permission denied
I have no idea what's going on, but it breaks
exec-oomscoreadjust-negative.service from test-execute when running
unprivileged.
2024-03-06 16:10:47 +01:00
Frantisek Sumsal
c538fecc61
ci: make the build dir accessible when running w/o privileges
...
Otherwise the unprivileged part of test-execute gets silently skipped:
/* test_run_tests_unprivileged */
Successfully forked off '(test-execute-unprivileged)' as PID 20998.
...
pin_callout_binary: build dir binary: /home/runner/work/systemd/systemd/build/systemd-executor
pin_callout_binary: open(/home/runner/work/systemd/systemd/build/systemd-executor)=-13
Failed to pin executor binary: No such file or directory
(test-execute-unprivileged): manager_new, skipping tests: No such file or directory
(test-execute-unprivileged) succeeded.
2024-03-06 16:10:47 +01:00
Luca Boccassi
5e39dc2f30
CI: free up diskspace before mkosi jobs
...
The runner has a lot of useless things installed, taking ~10GB, and
jobs have started to fail when booting images due to lack of disk
space, so delete some directories to make room.
2024-02-27T20:20:58.0998709Z ##[warning]You are running out of disk space. The runner will stop working when the machine runs out of disk space. Free space left: 0 MB
Co-authored-by: Daan De Meyer <daan.j.demeyer@gmail.com>
2024-03-01 20:04:13 +00:00
dependabot[bot]
5346a81024
build(deps): bump meson from 1.3.1 to 1.3.2 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.1...1.3.2 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-01 12:08:07 +01:00
dependabot[bot]
99e59d24f3
build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](26f96dfa69...5d5d22a312
2024-03-01 11:57:31 +01:00
dependabot[bot]
ba959322a4
build(deps): bump github/codeql-action from 3.22.12 to 3.24.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.22.12 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](012739e508...8a470fddaf
2024-03-01 11:06:02 +01:00
dependabot[bot]
04dd8258b4
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](91e2582e40...b9df2a9417
2024-03-01 10:57:00 +01:00
Zbigniew Jędrzejewski-Szmek
ab95ba1558
Merge pull request #31511 from jamacku/prepare-for-diff-shellcheck
...
Prepare for new version of Differential ShellCheck & scanning of shell completion scripts
2024-02-28 10:28:56 +01:00
Jan Macku
c1631d4e49
ci(labeler): add rule for shell-completion label
2024-02-27 15:26:45 +00:00
Jan Macku
464b03d23c
ci(lint): temporarily disable ShellCheck for bash-completion
...
This commit should be reverted once bash completion is in better shape when it comes to ShellCheck.
2024-02-27 15:41:28 +01:00
Jan Macku
b2e0caf882
ci(lint): exclude zsh completion from ShellCheck
...
zsh is not supported by ShellCheck
2024-02-27 15:41:28 +01:00
Jan Macku
a62013b382
ci(freezer): use GitHub Markdown magic for messages
...
It should make messages easier to notice.
GitHub docs: https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts
2024-02-23 08:44:10 +00:00
Jan Macku
12af0efba5
ci(labeler): add policy for escape labeler
2024-02-19 16:09:15 +01:00
dependabot[bot]
0279c0abf3
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from dbce89aabda438ba58080366631b2c242e365f21 to 070528fec478fc93af7ec057a5d2fd0045123c99.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](dbce89aabd...070528fec4
2024-02-09 16:28:12 +01:00
dependabot[bot]
f6f00383ff
build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.0.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...26f96dfa69
2024-02-01 12:18:13 +01:00
dependabot[bot]
12d1e448b2
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 2.0.6 to 3.0.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](71bcf99aef...9e55064634
2024-02-01 10:57:02 +01:00
Luca Boccassi
431f836bd4
CI: set TZ= in a unit test run to ensure tests don't break
2024-01-26 00:25:04 +00:00
Luca Boccassi
ddf934cf04
Merge pull request #30972 from mrc0mmand/ci-unit-tests-ukify
...
ci: install python3-pytest for ukify tests
2024-01-17 11:46:45 +00:00
Frantisek Sumsal
ee23a85561
ci: install python3-pytest for ukify tests
2024-01-16 21:36:05 +01:00
Mike Yuan
50d5f64632
labeler: add bsod, hibernate-resume, nspawn and vmspawn
2024-01-16 16:13:26 +00:00
Daan De Meyer
52842bb2c5
mkosi: Build a directory image by default
...
Both building and booting a directory image is much faster than
building or booting a disk image so let's default to a directory
image.
In CI, we stick to a disk image to make sure that keeps working as
well.
The only extra dependency this introduces is virtiofsd which is
packaged in all distributions except Debian stable. For users
hacking on systemd on Debian stable, a disk image can be built by
writing the following to mkosi.local.conf:
```
[Output]
Format=disk
```
2024-01-12 16:19:48 +01:00
Daan De Meyer
8c018edb0a
mkosi: Update to latest
...
The mkosi github action doesn't set up the host machine for building
full images anymore. Instead, only sufficient packages are installed
to be able to build tools trees so we configure a fedora tools tree
to build the actual images.
2024-01-09 14:58:34 +00:00
Frantisek Sumsal
96e4c62698
ci: build with -O2 and -Wmaybe-uninitialized
...
According to the comment in meson.build this should be a supported
configuration, so let's test it in the CI as well.
2024-01-04 21:27:10 +01:00
Mike Yuan
42e6ad1684
labeler: add matches for login and logind
2024-01-03 15:00:36 +00:00
Frantisek Sumsal
b3fb73a5f2
ci: allow testing changes made to labeler configuration
2024-01-02 12:52:03 +01:00
Frantisek Sumsal
17b056a340
ci: use a boolean value for the boolean field
...
The issue[0] behind this workaround has been resolved[1], so we can set it
to a proper boolean field.
[0] https://github.com/systemd/systemd/issues/18671
[1] https://github.com/actions/labeler/pull/480
2024-01-02 12:42:03 +01:00
Frantisek Sumsal
d151d6ce6f
ci: migrate labeler configuration to the new format
...
Turns out updating the labeler action is a bit annoying[0], so the
breaking change wasn't detected in the version bump PR.
[0] https://github.com/actions/labeler/#notes-regarding-pull_request_target-event
Follow-up to f88c9b0728
2024-01-02 12:42:03 +01:00
dependabot[bot]
01b50b4aaf
build(deps): bump github/codeql-action from 2.22.8 to 3.22.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.22.8 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](407ffafae6...012739e508
2024-01-01 13:52:09 +00:00
dependabot[bot]
f88c9b0728
build(deps): bump actions/labeler from 4.3.0 to 5.0.0
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](ac9175f8a1...8558fd7429
2024-01-01 13:22:27 +00:00
dependabot[bot]
94ce8e248e
build(deps): bump actions/upload-artifact from 3.1.2 to 4.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.2 to 4.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b7f8abb15...c7d193f32e
2024-01-01 13:19:03 +00:00
dependabot[bot]
13efb5cbd3
build(deps): bump meson from 1.3.0 to 1.3.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.0...1.3.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-01 13:17:28 +00:00
Yu Watanabe
ab84005cb2
github: bump version in template
2023-12-25 02:23:14 +09:00
dependabot[bot]
ba47598aef
build(deps): bump meson from 1.2.3 to 1.3.0 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.2.3 to 1.3.0.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.3...1.3.0 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-01 14:49:19 +00:00
dependabot[bot]
d50a357dce
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](aa647ec446...91e2582e40
2023-12-01 14:48:48 +00:00
dependabot[bot]
135c249147
build(deps): bump redhat-plumbers-in-action/devel-freezer
...
Bumps [redhat-plumbers-in-action/devel-freezer](https://github.com/redhat-plumbers-in-action/devel-freezer ) from 1.0.7 to 1.0.8.
- [Release notes](https://github.com/redhat-plumbers-in-action/devel-freezer/releases )
- [Commits](13b6551f19...67aec4a153
2023-12-01 14:48:14 +00:00
dependabot[bot]
e8bad6615d
build(deps): bump actions/github-script from 6.4.1 to 7.0.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.4.1 to 7.0.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039
2023-12-01 14:47:23 +00:00
dependabot[bot]
50613206f2
build(deps): bump github/codeql-action from 2.21.9 to 2.22.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.9 to 2.22.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ddccb87388...407ffafae6
2023-12-01 14:46:46 +00:00
Luca Boccassi
edb37ee15c
Revert "mkosi ci: enable jammy-proposed"
...
libsolv has migrated to jammy-updates, so we can disable the
proposed-updates repository again.
This reverts commit 48bfc6791d
2023-11-29 17:30:54 +01:00
Daan De Meyer
bcb335ac68
Update to mkosi v19
...
- Use mkosi.images/ instead of mkosi.presets/
- Use the .chroot suffix to run scripts in the image
- Use BuildSources= match for the kernel build
- Move 10-systemd.conf to mkosi.conf and rely on mkosi.local.conf
for local configuration
2023-11-28 19:54:58 +01:00
Luca Boccassi
48bfc6791d
mkosi ci: enable jammy-proposed
...
This will bring in the fix for rawhide/tumbleweed builds (new libsolv
capable of handling zstd). If all goes well it will migrate to jammy
proper in a week and it can be reverted
2023-11-17 14:14:18 +00:00
Lennart Poettering
7e91c97aff
ci: work around mold/clang incompat
...
See discussion:
https://github.com/systemd/systemd/pull/30003#issuecomment-1808349258
2023-11-13 16:24:17 +01:00
Luca Boccassi
37f16ef072
ci: add -Dutmp=false coverage
2023-11-08 18:41:47 +00:00
Luca Boccassi
c13e6c720d
mkosi: explicitly disable KVM in GHA runs
...
mkosi detects whether /dev/kvm is available and uses it if it is. But
some GHA hosts have it, but it's broken and not supported, so we need
to explicitly disable it.
2023-11-02 12:16:11 +00:00
dependabot[bot]
6a4d0efa00
build(deps): bump meson from 1.2.2 to 1.2.3 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.2...1.2.3 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 19:28:19 +00:00
dependabot[bot]
ca4d726205
build(deps): bump ninja from 1.11.1 to 1.11.1.1 in /.github/workflows
...
Bumps [ninja](https://github.com/ninja-build/ninja ) from 1.11.1 to 1.11.1.1.
- [Release notes](https://github.com/ninja-build/ninja/releases )
- [Commits](https://github.com/ninja-build/ninja/commits )
---
updated-dependencies:
- dependency-name: ninja
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-01 17:30:30 +00:00
dependabot[bot]
094632a0ef
build(deps): bump actions/checkout from 4.1.0 to 4.1.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-11-01 12:32:55 +00:00
dependabot[bot]
ac60a3a41e
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 4.2.2 to 5.0.1.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](ac4483d8c6...aa647ec446
2023-11-01 12:30:41 +00:00
dependabot[bot]
f211277934
build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.2.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](08b4669551...0864cf1902
2023-11-01 12:26:57 +00:00
Luca Boccassi
64ec2d073f
CI: add a build job with TPM but without OpenSSL
...
We keep introducing build failures with this combination due to the
high amount of changes, add a combination that covers it
2023-10-27 14:03:23 +01:00
Daan De Meyer
6e24a9dc7f
mkosi: Update to latest
...
We have to set the image runtime size explicitly now so that's it's
grown a bit when we boot in nspawn or qemu.
2023-10-05 16:57:10 +02:00
dependabot[bot]
273aca8b62
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from adaa41512aa30c952daae5ba0abcf2622d66b93b to a8ecff0defa132d729dcdab38380dcae31138e7e.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](adaa41512a...a8ecff0def
2023-10-02 16:54:01 +00:00
dependabot[bot]
b503c76689
build(deps): bump meson from 1.2.1 to 1.2.2 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.1...1.2.2 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 18:16:06 +00:00
dependabot[bot]
8ee09da6e8
build(deps): bump actions/checkout from 3.6.0 to 4.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.6.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](f43a0e5ff2...8ade135a41
2023-10-01 18:15:04 +00:00
dependabot[bot]
a14438a85c
build(deps): bump github/codeql-action from 2.21.5 to 2.21.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.5 to 2.21.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](00e563ead9...ddccb87388
2023-10-01 18:14:32 +00:00
Jan Janssen
79ae0d0b3e
ci: Update compiler build matrix
...
Given that gold is pretty much unmaintained and does not support
`-static-pie` for bootloader components it should be safe to drop.
Also switch to clang-17 while we're at it.
2023-09-29 16:56:30 +02:00
Daan De Meyer
755012d37d
mkosi: Bump Fedora CI to Fedora 39
2023-09-19 11:47:41 +02:00
Daan De Meyer
bcc911a7d7
mkosi: Conditionally use tools tree
...
If the systemd version on the host is too old and there's no local
build directory, use the default tools tree which will build an
image containing all the tooling required to build systemd and use
that to build the other presets.
2023-09-09 15:53:26 +02:00
Daan De Meyer
aa72f856a1
mkosi: Update to latest
2023-09-09 15:45:41 +02:00
Daan De Meyer
6ec74f916a
mkosi: Drop arch workaround
...
archlinux-keyring was updated in Michel's PPA so let's drop the
workaround.
2023-09-08 09:20:46 +01:00
Jan Janssen
690db0c80f
ci: Do not run build test as root
...
Although, this is CI, we can still do better. It also ensures that any
env var changes make it into the script, as things like PATH would not
survive a `sudo -E`.
2023-09-06 11:01:53 +02:00
Jan Janssen
ce2c01789c
ci: Don't produce debug output for build tests
...
These binaries are never used, so generating debug symbols just
slows down build time.
2023-09-06 11:01:53 +02:00
Jan Janssen
051ec23ce2
ci: Use apt-get in favor of apt
...
Apparently, apt does not have a stable CLI interface and warns about it.
2023-09-06 11:01:53 +02:00
Jan Janssen
592ee08f3b
ci: Use add-apt-repository to enable sources
...
This should also ensure that consistent mirrors are selected.
2023-09-06 11:01:53 +02:00
Jan Janssen
bc763971ef
ci: Remove custom build step names
...
Putting build matrix details into a build step name is rather useless as
the jobs themselves already contain the needed information.
2023-09-06 10:40:51 +02:00
Daan De Meyer
35356d7f3f
mkosi: Update to latest
...
Configuration now takes priority over CLI options so we have to
configure the defaults for settings that we want to allow overriding
from the CLI. We also explicitly set some other settings so that they
can't be overridden from the CLI anymore. For example the base and
initrd image should never be made bootable so we set Bootable=no
explicitly for both.
2023-09-05 15:28:23 +02:00
Daan De Meyer
16173ab1aa
mkosi: Re-enable arch but disable keyring checking
...
No need to disable arch completely, let's just disable keyring checking
to get CI working again for now.
2023-09-04 13:53:16 +02:00
Luca Boccassi
f7f842f888
mkosi: temporarily disable Arch
...
The mkosi Arch CI doesn't work as the keyring package is out
of date and cannot be built due to various build toolchain
issues. Disable the job as it always fails and confuses
submitters.
2023-09-03 14:40:24 +01:00
dependabot[bot]
475974eb5b
build(deps): bump actions/checkout from 3.5.3 to 3.6.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...f43a0e5ff2
2023-09-02 19:13:09 +00:00
dependabot[bot]
c5de4ee02b
build(deps): bump meson from 1.2.0 to 1.2.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.0...1.2.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-02 19:12:43 +00:00
dependabot[bot]
3bb5656ff1
build(deps): bump github/codeql-action from 2.21.2 to 2.21.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.21.2 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0ba4244466...00e563ead9
2023-09-02 19:12:34 +00:00
Jan Janssen
7f9a0d6d74
meson: Drop skip-deps option
...
Now that we use meson feature options for our dependencies, we can just
rely on '--auto-features=disabled' to do the same. One benefit of this
is that specific features can still be force-enabled by overriding it
with the appropriate '-Dfeature=enabled' flag.
The two remaining uses for skip-deps can simply rely on their default
logic that sets the value to 'no' when the dependency is disabled.
2023-08-23 14:57:49 +02:00
Jan Janssen
1e73a64a7a
meson: Convert more options to meson features
...
The semantics for libidn2 and pwquality have changed slightly: We will
pick a preferred one if both are enabled instead of making it an error.
2023-08-23 14:45:02 +02:00
Jan Janssen
40e9c4e45d
meson: Convert options to meson features (require)
...
These options use requre() to conveniently express their dependency
requirements.
2023-08-23 14:45:02 +02:00
Jan Janssen
43abc59a27
meson: Use feature options
...
By using meson features we can replace the handcrafted dependency
auto-detection by just passing the value from get_option directly to the
required arg for dependency, find_library etc.
'auto' features make the dependency optional, 'enabled' requires it
while 'disabled' features will skip detection entirely.
Any skipped or not found dependency will just be a no-op when passed to
build steps and therefore we can also skip the creation of empty vars.
The use of skip_deps for these is dropped here as meson provides a way
to disable all optional features in one go by passing
'-Dauto_features=disabled'.
2023-08-23 14:45:02 +02:00
Daan De Meyer
c3e83f09ea
mkosi: Update to v15.1 release
2023-08-15 12:32:39 +02:00
